Pinned Repositories
demos
Demos of various injection techniques found in malware
dll_to_exe
Converts a DLL into an EXE
exe_to_dll
Converts an EXE into a DLL
hollows_hunter
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
libpeconv
A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_tpl
malware_training_vol1
Materials for Windows Malware Analysis training (volume 1)
pe-bear
Portable Executable reversing tool with a friendly GUI
pe-sieve
Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
pe_to_shellcode
Converts a PE into shellcode
tiny_tracer
A Pin tool for tracing API calls, etc.
hasherezade's Repositories
hasherezade/pe-sieve
Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
hasherezade/pe-bear
Portable Executable reversing tool with a friendly GUI
hasherezade/pe_to_shellcode
Converts a PE into shellcode
hasherezade/hollows_hunter
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
hasherezade/exe_to_dll
Converts an EXE into a DLL
hasherezade/tiny_tracer
A Pin tool for tracing API calls, etc.
hasherezade/libpeconv
A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_tpl
hasherezade/dll_to_exe
Converts a DLL into an EXE
hasherezade/bearparser
Portable Executable parsing library (from PE-bear)
hasherezade/mal_unpack
Dynamic unpacker based on PE-sieve
hasherezade/process_ghosting
Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted file
hasherezade/transacted_hollowing
Transacted Hollowing - a PE injection technique, a hybrid of Process Hollowing and Process Doppelgänging
hasherezade/process_overwriting
Yet another variant of Process Hollowing
hasherezade/module_overloading
A more stealthy variant of "DLL hollowing"
hasherezade/antianalysis_demos
A set of anti-analysis techniques found in malware
hasherezade/crypto_utils
A set of my small utilities related to cryptography, encoding, decoding, etc.
hasherezade/pe2pic
Small visualizer for PE files
hasherezade/pin_n_sieve
An experimental dynamic malware unpacker based on Intel Pin and PE-sieve
hasherezade/paramkit
A small library for parsing command-line parameters (C/C++)
hasherezade/hidden_bee_tools
Parser for a custom executable format from Hidden Bee malware (first stage)
hasherezade/libpeconv_tpl
A ready-made template for a project based on libpeconv.
hasherezade/shellc_encoder
Standalone Metasploit-like XOR encoder for shellcode
hasherezade/pesieve-go
Golang bindings for PE-sieve
hasherezade/mal_unpack_py
Python wrappers for mal_unpack
hasherezade/pe_utils
A set of small utilities and helpers for Pin tracers
hasherezade/sig_finder
Signature finder (from PE-bear)
hasherezade/flareon2023
hasherezade/libpeconv_and_detours_tpl
A template for projects using both libPeConv and MS Detours
hasherezade/hasherezade.github.io
My projects' homepage
hasherezade/SweetDreams
Implementation of Advanced Module Stomping and Heap/Stack Encryption
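PE-sieve and hollows_hunter are described above as recognizing hooks and in-memory patches in a running process. The core idea behind that class of detection is to diff the code section as mapped in memory against a clean copy of the same section and then classify each run of modified bytes. The following is an added illustration of that idea, not code from PE-sieve, hollows_hunter or any other repository listed here. The section bytes, the section load address, the trampoline address and the export names/RVAs are all constructed for the example.

```python
"""Diff a mapped code section against a clean copy to find inline JMP hooks
and other in-memory patches. Added illustration of the technique; the
sample data below is constructed and the export names/RVAs are assumed."""
import bisect
import struct
from dataclasses import dataclass
from typing import Optional

@dataclass
class Finding:
    offset: int            # offset of the patch within the section
    length: int            # number of consecutive modified bytes
    kind: str              # "jmp_rel32_hook" or "inline_patch"
    export: str            # nearest preceding export (assumed symbol name)
    target: Optional[int]  # resolved jump target for hooks, else None

def diff_ranges(clean: bytes, live: bytes) -> list:
    """Return (offset, length) for each run of bytes that differ."""
    assert len(clean) == len(live), "sections must be compared at equal size"
    ranges, start = [], None
    for i, (a, b) in enumerate(zip(clean, live)):
        if a != b and start is None:
            start = i
        elif a == b and start is not None:
            ranges.append((start, i - start))
            start = None
    if start is not None:
        ranges.append((start, len(clean) - start))
    return ranges

def classify(live: bytes, section_va: int, off: int, length: int):
    """A patch that starts with E9 (JMP rel32) and fits in 5 bytes is treated
    as an inline hook; its target is resolved relative to the next instruction."""
    if live[off] == 0xE9 and off + 5 <= len(live) and length <= 5:
        rel = struct.unpack_from("<i", live, off + 1)[0]
        return "jmp_rel32_hook", (section_va + off + 5 + rel) & 0xFFFFFFFFFFFFFFFF
    return "inline_patch", None

def nearest_export(exports: dict, off: int) -> str:
    """Name the export whose RVA is the closest one at or below the patch."""
    items = sorted(exports.items(), key=lambda kv: kv[1])
    rvas = [rva for _, rva in items]
    i = bisect.bisect_right(rvas, off) - 1
    return items[i][0] if i >= 0 else "<no export>"

def scan_section(clean: bytes, live: bytes, section_va: int, exports: dict) -> list:
    findings = []
    for off, length in diff_ranges(clean, live):
        kind, target = classify(live, section_va, off, length)
        findings.append(Finding(off, length, kind, nearest_export(exports, off), target))
    return findings

# --- constructed sample data (assumptions, not taken from any real binary) ---
SECTION_VA = 0x00007FFA10001000      # assumed load address of the code section
HOOK_TARGET = 0x00007FFA20000000     # assumed trampoline address of the hook
EXPORTS = {"NtOpenFile": 0x10, "NtCreateFile": 0x30, "NtClose": 0x38}  # assumed RVAs
CLEAN_TEXT = bytes((i * 37 + 11) & 0xFF for i in range(64))              # "on-disk" bytes

def build_live_image() -> bytes:
    """The same section as it would look in memory after two modifications."""
    live = bytearray(CLEAN_TEXT)
    rel = HOOK_TARGET - (SECTION_VA + 0x10 + 5)          # rel32 from end of the JMP
    live[0x10:0x15] = struct.pack("<Bi", 0xE9, rel)      # JMP rel32 hook at NtOpenFile
    live[0x30:0x33] = b"\x31\xC0\xC3"                    # xor eax,eax ; ret at NtCreateFile
    return bytes(live)

if __name__ == "__main__":
    for f in scan_section(CLEAN_TEXT, build_live_image(), SECTION_VA, EXPORTS):
        tgt = f"-> {f.target:#x}" if f.target is not None else ""
        print(f"{f.kind:15} +{f.offset:#06x} ({f.length} bytes) near {f.export} {tgt}")
```

In a real scanner the clean copy comes from the module's file on disk (relocations applied, or the comparison restricted to bytes not touched by relocations), and a patch that does not start with a plain JMP is disassembled rather than just reported as "inline_patch"; both steps are omitted here to keep the example self-contained.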